LinkedIn PhishingLearn how to identify Phishing attempts and protect your company data.
LinkedIn Phishing is now a thing. What is abundantly clear from the Wells Fargo phishes we found is that LinkedIn has become a viable platform for launching spear phishing attacks against users who have been targeted for their connections to a high profile financial institution.
LinkedIn is now valued not only for its wealth of data on potential targets for all manner of scams and targeted phishing attacks but for its usefulness in generating emails that leverage LinkedIn’s own reputation to bypass security solutions implemented by organizations worldwide.
Given the restrictions surrounding the use of LinkedIn’s messaging features, we doubt that these kinds of leveraged attacks will ever achieve high volume distribution. But LinkedIn’s inherent reputation does lend itself to launching very targeted attacks against corporate lucrative targets.
It’s going to get worse from here
A credentials phish, as we saw in these two cases, is the most basic of phishing attacks. Having proven LinkedIn’s viability as a phishing platform, we expect malicious actors will find creative ways to exploit LinkedIn’s data and messaging features to launch still more dangerous and creative attacks against LinkedIn users in the near future. Step your employees through new-school security awareness training.
Remember that LinkedIn is only the latest in a string of site generally considered safe now being used by hackers to send malicious emails. Several months ago the researchers at Proofpoint found the bad guys had figured out a way to turn PayPal itself into a phishing platform, exploiting the “money request” feature in PayPal, which allows senders to include a personalized message, to phish potential victims via malicious emails delivered through PayPal’s own service. Those unwary enough to click the embedded links included in those malicious emails were rewarded with the Chthonic banking Trojan.
Click the button below for much more background, screenshots and links:
Think you've been hacked through LinkedIn?
We can help your organization create plans that help to safeguard your network.